Auth0 MCP Server
Official Auth0 MCP server connecting Claude, Cursor, Windsurf, VS Code, and Gemini to Auth0 Management APIs. Create apps, deploy Actions, debug logs, and query users with natural-language commands. Read-only mode and tool-glob filtering supported. Beta software per Auth0.
“Official Auth0 MCP server connecting Claude, Cursor, Windsurf, VS Code, and Gemini to Auth0 Management APIs. Create apps, deploy Actions, debug logs, and query users with natural-language commands. 11 commits on main in the last 30 days. Currently in beta (0.1.0-beta.11 on npm); Auth0 marks the package as beta software. Strong official-vendor signal balanced against the beta status.”
INSTALL THIS SERVER
{
"mcpServers": {
"auth0": {
"command": "npx",
"args": [
"-y",
"@auth0/auth0-mcp-server",
"run"
]
}
}
}
{
"mcpServers": {
"auth0": {
"command": "npx",
"args": [
"-y",
"@auth0/auth0-mcp-server",
"run"
]
}
}
}
{
"mcpServers": {
"auth0": {
"command": "npx",
"args": [
"-y",
"@auth0/auth0-mcp-server",
"run"
]
}
}
}
{
"mcpServers": {
"auth0": {
"command": "npx",
"args": [
"-y",
"@auth0/auth0-mcp-server",
"run"
]
}
}
}
{
"mcpServers": {
"auth0": {
"command": "npx",
"args": [
"-y",
"@auth0/auth0-mcp-server",
"run"
]
}
}
}
8 TOOLS AVAILABLE
OUR ASSESSMENT
- Official Auth0 vendor maintenance.
- 11 commits on main in the last 30 days.
- MIT licence.
- Five-client install with one command (npx @auth0/auth0-mcp-server init --client {claude,cursor,windsurf,vscode,gemini}).
- Read-only mode and tool-glob filtering give clear scoping primitives.
- Interactive tenant authentication (no manual token paste).
- Published to npm as @auth0/auth0-mcp-server with active beta releases (current 0.1.0-beta.11 from 2026-04-20).
- Beta software per the README; Auth0 documents that features, APIs, and functionality may change.
- 106 GitHub stars at time of review; adoption signal is modest.
- Single-tenant scoping per init; multi-tenant operators run separate configs.
- Beta status carries Auth0 caution against production use; verify your support contract before deploying broadly.
The MCP holds Auth0 Management API access through the interactive tenant authorisation flow. Use --read-only for diagnostic agents. Use --tools auth0_list_,auth0_get_ to lock the agent to read paths. The --client flag writes to the corresponding client config file (Claude Desktop, Cursor, etc.); review the written config for unexpected entries before running the agent. Tokens are stored in the OS keychain on macOS and Linux; on Windows, review the credential store path documented in the README.
Auth0 customers running an enterprise tenant where engineers already manage Auth0 from the dashboard and want agent access to common operations; workflows that bootstrap apps, deploy Actions, or debug logs from inside the editor while leaving the Auth0 dashboard for deeper audits; read-only audit operations using the --read-only flag plus tool-glob filtering.
TECHNICAL DETAILS
ADOPTION METRICS
// Reading this106 stars; adoption signal is early. Official Auth0 maintenance and 11 commits on main in the last 30 days carry the editorial weight.
// Reading thisSecond-ranked in security on official-vendor signal and tool surface scoping.
SOURCES & VERIFICATION
We don't take any single directory's word for it. Before scoring, we cross-reference 5 public MCP sources, install the server ourselves against the clients we cover, and record when we last re-verified.
The same server, 5 different lenses. We reconcile these signals into our editorial score, which is why our number sometimes diverges from a directory-aggregate star count.
| Source | Their rating | Their star count | Their downloads | Last synced |
|---|---|---|---|---|
| AutomationSwitch This page | 4.3editorial | 106 | — | MAY 1, 2026 |
| PulseMCP | — unrated | unavailable | unavailable | MAY 1, 2026 |
| MCP.so | — unrated | unavailable | unavailable | MAY 1, 2026 |
| Glama | — unrated | unavailable | unavailable | MAY 1, 2026 |
| Smithery | — unrated | unavailable | unavailable | MAY 1, 2026 |
| Official MCP Registry | — unrated | unavailable | unavailable | MAY 1, 2026 |
// Counts are directory-reported; we don't adjust them. Discrepancies usually come from different snapshot times or star-caching.
OTHER SECURITY MCP SERVERS
Prowler MCP
Cloud Security Posture Management (CSPM) platform with 1000+ security checks across multiple cloud providers and 70+ compliance frameworks, exposed through MCP. Three deployment options: Prowler Cloud (recommended), local stdio, self-hosted HTTP. 13,717 stars, Apache-2.0.
HashiCorp Vault MCP
Official HashiCorp MCP for Vault: secrets, mounts, KV, and PKI management with stdio and Streamable HTTP transports. 9 commits on main in the last 30 days. MPL-2.0 with HashiCorp official-vendor signal.
AWS IAM MCP
Official AWS Labs MCP for IAM administration: users, roles, groups, policies, inline policies, access keys, and policy simulation. Read-only mode supported via --allow-write opt-in pattern. Apache-2.0 within awslabs/mcp monorepo.
AWS CloudTrail MCP
Official AWS Labs MCP for CloudTrail: 90 days of management events via lookup_events and Trino-compatible SQL queries against CloudTrail Lake Event Data Stores. 3 commits on the server path in the last 30 days. Pairs with the IAM MCP for security audit workflows.
Infisical MCP
Official Infisical MCP server for secrets management. 10 tools cover the full secret lifecycle plus project, environment, folder, and member management. Two authentication methods (machine identity universal-auth and access-token), self-hostable instance support via INFISICAL_HOST_URL.
Trivy MCP
Official Aqua Security Trivy plugin that turns Trivy scanning capabilities into an MCP server. Distributed as a Trivy plugin: `trivy plugin install mcp`. Three transport modes (stdio, streamable HTTP, SSE), IDE integration for VS Code, Cursor, JetBrains, and Claude Desktop.
DISCUSS YOUR
MCP REQUIREMENTS.
Evaluating a server, scoping an internal deployment, or working out whether MCP is the right fit at all. Start the conversation and we will point you at the right piece of the ecosystem.